Boundary

In the Ambient Calculus (and engineering systems generally) — the syntactic / runtime delimiter of an administrative domain. An ambient n[P] is a process P enclosed in a named boundary n; mobility is boundary-crossing, governed by Capabilities (Ambient). The notion generalises across firewalls (network boundary), processes (OS boundary), containers, sandboxes, and capability-secured object graphs (Capability Security). The choice of boundary placement is a primary architectural decision in any distributed-system design.

In this vault

Backlinks

Mobile Ambients

Linked Pages

Computational Boundary of a Self

The Computational Boundary of a “Self”: Developmental Bioelectricity Drives Multicellularity and Scale-Free Cognition

Reference: Michael Levin (2019). Frontiers in Psychology, Vol. 10, Article 2688. Source file: fpsyg-10-02688.pdf. URL

Summary

Levin proposes a biologically grounded, scale-free definition of cognitive “Individuals” based on their capacity to pursue goals at a characteristic level of scale and organization. A Self is demarcated by a computational surface — a spatio-temporal “cognitive light cone” defining what events it can measure, model, and influence. Higher goal-directed agency, he argues, evolves smoothly from the primal homeostatic TOTE loop that living things use to reduce stress between current and life-optimal conditions.

The central mechanism is developmental bioelectricity — the ability of cells to form bioelectrical networks (via gap junctions, ion channels) that process information and guide embryogenesis, regeneration, and possibly higher cognition. Levin sketches gradual evolutionary steps from physiological homeostasis in single cells to memory, prediction, and complex cognition, proposing that multi-scale Individuals emerge from the “scale-up of the basic drive of infotaxis.” Implications span cancer biology, AI, bioengineering, and exobiology.

Key Ideas

Individuals defined by goal-pursuit capability and cognitive light cone, not anatomy.
Developmental bioelectricity as substrate for scale-free cognition.
Continuum from stimulus-response to predictive agency (TOTE loops).
Cancer as a shift in the boundary of the Self to a single-cell scope.
Testable predictions for biomedicine, evolutionary biology, and AI.

Connections

Conceptual Contribution

Claim: A cognitive “Individual” is demarcated not by anatomy but by a computational surface — the spatio-temporal cognitive light cone over which it can measure, model, and act — and such Selves scale up smoothly via developmental bioelectricity from single cells to multicellular organisms.
Mechanism: Synthesises cognitive science, evolutionary biology, and developmental physiology; defines Individuality by goal-pursuit capacity at a level of organisation; proposes a continuum of cognitive powers (TOTE loops parametrised by memory/prediction depth); argues gap-junctional bioelectric networks are the substrate that binds sub-agents into larger Selves, with cancer as a concrete boundary-shrinkage phenomenon.
Concepts introduced/used: Cognitive Light Cone, Scale-Free Cognition, Developmental Bioelectricity, Individuality, TOTE Loop, Infotaxis, Computational Surface, Goal-Directedness
Stance: foundational / theoretical-biology
Relates to: Provides a biological grounding for the multi-scale agency assumptions behind Multi-Agent Systems and Self-Adaptation Self-Expression Self-Awareness ASCENS; the TOTE/homeostasis framing connects to control-loop views in A Composite Self-organisation Mechanism in an Agent Network; informs what “agent” could mean for Myconet Fungi Inspired Superpeer Overlay and bio-inspired coordination.

In this vault

Capabilities (Ambient)

The three boundary-crossing primitives of the Ambient Calculus: in n enters a sibling ambient named n, out n exits the parent ambient if it is named n, open n dissolves a child ambient named n. Possession of a capability name is the formal account of access: a process can cross a boundary iff it has the corresponding capability. Conceptually adjacent to Capability Security in the Dennis–Van Horn lineage — both treat the unforgeable name-as-token as the primitive of permission.

In this vault

Ambient Calculus

The process calculus of Cardelli & Gordon (1998) in which the primary mobile entity is a named bounded region (an ambient) rather than a channel name as in the Pi-Calculus. Movement is expressed by the three capabilities in n, out n, open n. Captures administrative-domain structure (firewalls, address spaces, hosts) directly in the syntax. See Mobile Ambients.

In this vault

Mobile Ambients

Reference: Cardelli, L. & Gordon, A. D. (1998). Mobile Ambients. In Foundations of Software Science and Computational Structures (FoSSaCS ’98), LNCS 1378, pp. 140–155, Springer. Journal version: Theoretical Computer Science 240(1), pp. 177–213, 2000. DOI · Open access PDF (UPenn)

Summary

Cardelli and Gordon argue that the Pi-Calculus models communication elegantly but does not natively model administrative domains — the bounded, named, hierarchically nested regions across which computation moves on the actual Internet (firewalls, address spaces, processes, machines, networks). Their ambient calculus makes the location itself the primary mobile entity. An ambient n[P] is a named bounded region containing a process P. A small set of capabilities — in n.P, out n.P, and open n.P — drive movement: in n enters a sibling ambient named n; out n exits the parent ambient if it is named n; open n dissolves the boundary of a child ambient named n, merging its contents with the current location. Communication is local: (x).P reads from a shared anonymous channel within the surrounding ambient. Mobility and access control reduce to one question — does a process possess the capability to cross a particular boundary? The calculus has standard structural-congruence-and-reduction operational semantics, a logical companion (the ambient logic, with location-modal connectives), and type systems regulating mobility. It supplies the formal substrate for reasoning about agents that physically relocate — mobile-code platforms, container migration, and (today) WASM components moving between hosts.

Key Ideas

Locations as first-class movable entities: the basic mobile thing is a named bounded region, not a name-as-channel; this captures administrative-domain structure that pure π struggles to express.
Three capabilities — in, out, open — suffice: every mobility scenario reduces to a sequence of crossings governed by capability possession; access control becomes “do you have the capability name?”
Spatial nesting as syntax: ambient terms form trees n[P | m[Q] | …]; the structural-congruence laws are spatial as well as algebraic. The ambient logic adds location modalities (@n reads “at ambient n”) for spatial reasoning.
Bounded computation: an ambient acts like a bag carrying its computation; its contents proceed concurrently inside the boundary, distinct from the outside world.
Communication restricted to local anonymous channels: a deliberate departure from π’s named channels — values are read off the local “ether” within an ambient. Gives an asymmetric model where mobility is global but communication is local.
Type systems for mobility: subsequent work (Cardelli, Ghelli, Gordon 1999/2000) gives type disciplines that statically constrain which ambients may cross which boundaries — the ancestor of capability-typed mobile-code systems.
Deliberate engineering target: motivated explicitly by Java applets, Telescript-style mobile agents, and firewall-bounded computation — process-calculus theory aimed at the engineering reality of distributed systems.

Connections

Conceptual Contribution

Claim: Modelling internet-scale distributed computation requires a process calculus in which the location is the primary mobile entity, not the channel; three boundary-crossing capabilities (in, out, open) suffice to express administrative-domain mobility, and capability possession is the natural account of access control.
Mechanism: A process language extending π-style parallel composition with ambient brackets n[P] and capability prefixes; small structural-congruence-and-reduction operational semantics; an ambient logic with spatial / location modalities; type systems controlling which ambients can perform which capabilities.
Concepts introduced/used: Mobile Ambients, Ambient Calculus, Capabilities (Ambient), Mobility, Spatial Logic, Boundary (administrative domain).
Stance: foundational technical paper.
Relates to: Sibling of the Pi-Calculus — both Milner 1992 and Cardelli & Gordon 1998 lift CCS-style fixed-topology concurrency, but along different dimensions (channel-mobility vs location-mobility). Conceptually upstream of all capability-based mobile-agent security work in the vault: Agent Tcl Flexible Secure Mobile Agents and DAgents Security Book Chapter take the engineering view, while ambients give the formal model. The capability-as-token view aligns directly with Capability Security (Dennis & Van Horn 1966, Miller’s E lineage in Robust Composition - Towards a Unified Approach to Access Control and Concurrency Control) — possession of a capability name confers, and only confers, the right to act. Modern realisations include WebAssembly modules with WASI capabilities, container ingress/egress, and sandboxed JS with capability-secured imports — a re-discovery of ambient-style boundary control under different syntactic skins.